From 473d0ba70431afa18a65b822390ea1886f2411cf Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Sun, 19 May 2024 20:38:32 +0300
Subject: [PATCH] firefox-forbidden-policies.js: use lockPref so it's clear
 what cannot be changed within the browser

---
 conf/firefox-forbidden-policies.js | 57 ++++++++++++++++--------------
 1 file changed, 30 insertions(+), 27 deletions(-)

diff --git a/conf/firefox-forbidden-policies.js b/conf/firefox-forbidden-policies.js
index ffdad897..cf99dfbd 100644
--- a/conf/firefox-forbidden-policies.js
+++ b/conf/firefox-forbidden-policies.js
@@ -5,41 +5,44 @@
 // repository, etc/firefox/policies/policies.json
 
 // If autoconfig is not found, fallback. Also means this file.
-pref("autoadmin.failover_to_cached", true);
-pref(
+lockPref("autoadmin.failover_to_cached", true);
+lockPref(
 	"autoadmin.global_config_url",
 	"https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/firefox-forbidden-policies.js",
 );
-pref("autoadmin.offline_failover", true);
-pref("autoadmin.refresh_interval", 120);
+lockPref("autoadmin.offline_failover", true);
+lockPref("autoadmin.refresh_interval", 120);
 
 // Automatically click cookiebanners although uBlock Origin might block them
-pref("cookiebanners.bannerClicking.enabled", true);
-pref("cookiebanners.service.mode", 2);
-pref("cookiebanners.service.mode.privateBrowsing", 2);
+lockPref("cookiebanners.bannerClicking.enabled", true);
+lockPref("cookiebanners.service.mode", 2);
+lockPref("cookiebanners.service.mode.privateBrowsing", 2);
 
 // I can set my preferred fonts in an order! :O
 // but obviously this is forbidden in policies.json!
-pref("font.name-list.monospace.x-cyrillic", "Noto Shanns Mono, monospace");
-pref("font.name-list.monospace.x-western", "Noto Shanns Mono, monospace");
-pref("font.name-list.sans-serif.x-cyrillic", "Noto Sans, sans-serif");
-pref("font.name-list.sans-serif.x-western", "Noto Sans, sans-serif");
-pref("font.name-list.serif.x-cyrillic", "Noto Serif, serif");
-pref("font.name-list.serif.x-western", "Noto Serif, serif");
+lockPref(
+	"font.name-list.monospace.x-cyrillic",
+	"Noto Shanns Mono, monospace",
+);
+lockPref("font.name-list.monospace.x-western", "Noto Shanns Mono, monospace");
+lockPref("font.name-list.sans-serif.x-cyrillic", "Noto Sans, sans-serif");
+lockPref("font.name-list.sans-serif.x-western", "Noto Sans, sans-serif");
+lockPref("font.name-list.serif.x-cyrillic", "Noto Serif, serif");
+lockPref("font.name-list.serif.x-western", "Noto Serif, serif");
 
 // Play animated images only once, accessibility.
-pref("image.animation.mode", "once");
+lockPref("image.animation.mode", "once");
 
 // Spoof en-US as language to scripts
-pref("javascript.use_us_english_locale", true);
+lockPref("javascript.use_us_english_locale", true);
 
 // DNT although PrivacyBadger from policy handles this
-pref("privacy.donottrackheader.enabled", true);
-pref("privacy.donottrackheader.value", 1);
+lockPref("privacy.donottrackheader.enabled", true);
+lockPref("privacy.donottrackheader.value", 1);
 
 // More tunable privacy.resistfingerprinting. I have lost the privacy game
 // many times before this point, so this is nothing.
-//pref("privacy.fingerprintingProtection", true);
+//lockPref("privacy.fingerprintingProtection", true);
 
 // Somehow I cannot clearPref this, so...
 //clearPref("privacy.fingerprintingProtection");
@@ -50,17 +53,17 @@ lockPref("privacy.fingerprintingProtection", false);
 //	"+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorPlatform,-NavigatorUserAgent,-JSDateTimeUTC,-HttpUserAgent,-FontVisibilityRestrictGenerics,-FontVisibilityBaseSystem,-FontVisibilityLangPack",
 //);
 clearPref("privacy.fingerprintingProtection.overrides");
-//pref("privacy.fingerprintingProtection.pbmode", true);
+//lockPref("privacy.fingerprintingProtection.pbmode", true);
 clearPref("privacy.fingerprintingProtection.pbmode");
 // (Incompatible with the above)
-//pref("privacy.resistFingerprinting", false);
+//lockPref("privacy.resistFingerprinting", false);
 clearPref("privacy.resistFingerprinting");
-//pref("privacy.resistFingerprinting.block_mozAddonManage", true);
+//lockPref("privacy.resistFingerprinting.block_mozAddonManage", true);
 clearPref("privacy.resistFingerprinting.block_mozAddonManage");
 // Letterboxing from Tor Browser, I like it in general.
 lockPref("privacy.resistFingerprinting.letterboxing", true);
 // Still Incompatible with the above
-//pref("privacy.resistFingerprinting.pbmode", false);
+//lockPref("privacy.resistFingerprinting.pbmode", false);
 clearPref("privacy.resistFingerprinting.pbmode");
 
 // Which extension requires container tabs? My policy and this file. This
@@ -70,18 +73,18 @@ lockPref("privacy.userContext.extension", "");
 // Enable containers without extensions (although those are forced by the
 // policy. TODO: Remove these as they are in the policy, but disallowed by
 // current ESR
-pref("privacy.userContext.enabled", true);
-pref("privacy.userContext.ui.enabled", true);
+lockPref("privacy.userContext.enabled", true);
+lockPref("privacy.userContext.ui.enabled", true);
 
 // Enables reading mode for all pages (at least in theory)
-pref("reader.parse-on-load.force-enabled", true);
+lockPref("reader.parse-on-load.force-enabled", true);
 
 // Ensure OCSP stapling is enabled, especially if the server has it
-pref("security.ssl.enable_ocsp_must_staple", true);
+lockPref("security.ssl.enable_ocsp_must_staple", true);
 
 // TODO: Consider removing this when ESR updates as only it needs this for
 // ECH, which is otherwise the default=
-pref("security.tls.ech.grease_http3", true);
+lockPref("security.tls.ech.grease_http3", true);
 
 // No making configuration on the last line of the file!
 //